Category Started On Completed On Duration Cuckoo Version
URL 2014-07-15 10:33:28 2014-07-15 10:39:01 333 seconds 1.2-dev
Machine Label Manager Started On Shutdown On
machine4 xpmachine4 VirtualBox 2014-07-15 10:33:29 2014-07-15 10:39:00

URL Details

URL http://ylpzt.juzojossai.net/9aywse7eva
VirusTotal Permalink
VirusTotal Scan Date: 2014-07-15 13:13:25
Detection Rate: 3/57 (Expand)

Signatures

Starts servers listening on 127.0.0.1:0, 0.0.0.0:0
File has been identified by at least one AntiVirus on VirusTotal as malicious
Installs itself for autorun at Windows startup

Screenshots

Dropped Files

RGI1.tmp

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Files
  • C:\Documents and Settings\TDW\Desktop
  • C:\WINDOWS\Registration\R000000000007.clb
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files
  • C:\Documents and Settings\TDW\Local Settings\History
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\
  • C:\
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  • C:\Documents and Settings\TDW\Cookies\
  • C:\Documents and Settings\TDW\Cookies\index.dat
  • C:\Documents and Settings\TDW\Local Settings\History\History.IE5\
  • C:\Documents and Settings\TDW\Local Settings\History\History.IE5\index.dat
  • C:\WINDOWS\System32\cscui.dll
  • shadow
  • IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • MountPointManager
  • STORAGE#Volume#1&30a96598&0&SignatureC7EDC7EDOffset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • C:\Documents and Settings
  • C:\Documents and Settings\TDW
  • C:\Documents and Settings\TDW\Favorites
  • C:\Documents and Settings\TDW\Favorites\desktop.ini
  • C:\Documents and Settings\TDW\Favorites\Links
  • C:\Documents and Settings\TDW\Local Settings
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\desktop.ini
  • C:\Documents and Settings\TDW\Favorites\Links\*.*
  • C:\Program Files
  • C:\Program Files\Internet Explorer
  • C:\WINDOWS\system32\msieftp.dll
  • C:\SystemRoot\AppPatch\sysmain.sdb
  • C:\SystemRoot\AppPatch\systest.sdb
  • C:\Device\NamedPipe\ShimViewer
  • C:\WINDOWS\system32\
  • msieftp.dll
  • C:\WINDOWS
  • C:\WINDOWS\system32
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\TMP4352$.TMP
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.PNF
  • C:\WINDOWS\system32\rsaenh.dll
  • C:\WINDOWS\system32\xpsp3res.dll
  • PIPE\lsarpc
  • C:\WINDOWS\system32\shdocvw.dll
  • C:\WINDOWS\system32\stdole2.tlb
  • c:\autoexec.bat
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  • C:\WINDOWS\system32\Ras\*.pbk
  • C:\Documents and Settings\TDW\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  • C:\WINDOWS\WindowsShell.manifest
  • C:\WINDOWS\WindowsShell.Config
  • C:\Program Files\Messenger\msmsgs.exe
  • C:\WINDOWS\system32\shell32.dll
  • C:\WINDOWS\system32\url.dll
  • C:\WINDOWS\system32\mshtml.dll
  • C:\Program Files\Internet Explorer\iexplore.exe
  • C:\WINDOWS\system32\inetcpl.cpl
  • C:\Documents and Settings\TDW\Local Settings\History\desktop.ini
Mutexes
  • Shell.CMruPidlList
  • WininetStartupMutex
  • _!MSFTHISTORY!_
  • c:!documents and settings!tdw!local settings!temporary internet files!content.ie5!
  • c:!documents and settings!tdw!cookies!
  • c:!documents and settings!tdw!local settings!history!history.ie5!
  • WininetConnectionMutex
  • WininetProxyRegistryMutex
  • ShimCacheMutex
Registry Keys
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\International
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
  • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003_Classes
  • HKEY_LOCAL_MACHINE\Software\Classes
  • \REGISTRY\USER
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID
  • CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}
  • CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\TreatAs
  • \CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}
  • \CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\InprocServer32
  • \CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\InprocServerX86
  • \CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\LocalServer32
  • \CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\InprocHandler32
  • \CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\InprocHandlerX86
  • \CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}
  • HKEY_CLASSES_ROOT\CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\TreatAs
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\P3Global
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\P3Sites
  • HKEY_CLASSES_ROOT\.htm
  • HKEY_CLASSES_ROOT\.html
  • HKEY_CLASSES_ROOT\http
  • HKEY_CLASSES_ROOT\dummy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\iexplore.exe
  • HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\
  • CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}
  • CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\TreatAs
  • \CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}
  • \CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32
  • \CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServerX86
  • \CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\LocalServer32
  • \CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocHandler32
  • \CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocHandlerX86
  • \CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}
  • HKEY_CLASSES_ROOT\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\TreatAs
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\\BagMRU
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\\BagMRU\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\\Bags\1\Shell
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\\Bags\1\Shell\Inherit
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\\Bags\AllFolders\Shell
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
  • HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
  • HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\\Bags\AllFolders\Shell
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\System\Setup
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014062620140627
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5b4dae26-b807-11d0-9815-00c04fd91972}\InProcServer32
  • CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}
  • CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}\TreatAs
  • \CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}
  • \CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}\InprocServer32
  • \CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}\InprocServerX86
  • \CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}\LocalServer32
  • \CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}\InprocHandler32
  • \CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}\InprocHandlerX86
  • \CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}
  • HKEY_CLASSES_ROOT\CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972}\TreatAs
  • CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}
  • CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}\TreatAs
  • \CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}
  • \CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}\InprocServer32
  • \CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}\InprocServerX86
  • \CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}\LocalServer32
  • \CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}\InprocHandler32
  • \CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}\InprocHandlerX86
  • \CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}
  • HKEY_CLASSES_ROOT\CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91}\TreatAs
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SmallIcons
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SmallIcons
  • CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
  • CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\TreatAs
  • \CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
  • \CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\InprocServer32
  • \CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\InprocServerX86
  • \CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\LocalServer32
  • \CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\InprocHandler32
  • \CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\InprocHandlerX86
  • \CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
  • HKEY_CLASSES_ROOT\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\TreatAs
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\
  • HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files
  • HKEY_CLASSES_ROOT\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InProcServer32
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
  • CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}
  • CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\TreatAs
  • \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}
  • \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocServer32
  • \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocServerX86
  • \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\LocalServer32
  • \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocHandler32
  • \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InprocHandlerX86
  • \CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}
  • HKEY_CLASSES_ROOT\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\TreatAs
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
  • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e6c716a0-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e6c716a2-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a2-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a0-b561-11e1-9849-806d6172696f}\
  • HKEY_CLASSES_ROOT\Directory
  • HKEY_CLASSES_ROOT\Directory\CurVer
  • HKEY_CLASSES_ROOT\Directory\
  • HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\Directory\\Clsid
  • HKEY_CLASSES_ROOT\Folder
  • HKEY_CLASSES_ROOT\Folder\Clsid
  • CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
  • CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\TreatAs
  • \CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
  • \CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\InprocServer32
  • \CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\InprocServerX86
  • \CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\LocalServer32
  • \CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\InprocHandler32
  • \CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\InprocHandlerX86
  • \CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
  • HKEY_CLASSES_ROOT\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\TreatAs
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • CLSID\{00021401-0000-0000-C000-000000000046}
  • CLSID\{00021401-0000-0000-C000-000000000046}\TreatAs
  • \CLSID\{00021401-0000-0000-C000-000000000046}
  • \CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32
  • \CLSID\{00021401-0000-0000-C000-000000000046}\InprocServerX86
  • \CLSID\{00021401-0000-0000-C000-000000000046}\LocalServer32
  • \CLSID\{00021401-0000-0000-C000-000000000046}\InprocHandler32
  • \CLSID\{00021401-0000-0000-C000-000000000046}\InprocHandlerX86
  • \CLSID\{00021401-0000-0000-C000-000000000046}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}
  • HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\TreatAs
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
  • HKEY_CLASSES_ROOT\CLSID\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url
  • HKEY_CLASSES_ROOT\.url
  • HKEY_CLASSES_ROOT\InternetShortcut
  • HKEY_CLASSES_ROOT\InternetShortcut\CurVer
  • HKEY_CLASSES_ROOT\InternetShortcut\
  • HKEY_CLASSES_ROOT\InternetShortcut\\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\SystemFileAssociations\.url
  • HKEY_CLASSES_ROOT\InternetShortcut\\Clsid
  • HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\Implemented Categories\{00021490-0000-0000-C000-000000000046}
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
  • HKEY_CLASSES_ROOT\CLSID
  • HKEY_CLASSES_ROOT\CLSID\{89820200-ECBD-11CF-8B85-00AA005B4383}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
  • HKEY_CLASSES_ROOT\https
  • HKEY_CLASSES_ROOT\ftp
  • HKEY_CLASSES_ROOT\gopher
  • HKEY_CLASSES_ROOT\telnet
  • HKEY_CLASSES_ROOT\telnet\DefaultIcon
  • HKEY_CLASSES_ROOT\telnet\shell\open\command
  • HKEY_CLASSES_ROOT\rlogin
  • HKEY_CLASSES_ROOT\rlogin\DefaultIcon
  • HKEY_CLASSES_ROOT\rlogin\shell\open\command
  • HKEY_CLASSES_ROOT\tn3270
  • HKEY_CLASSES_ROOT\tn3270\DefaultIcon
  • HKEY_CLASSES_ROOT\tn3270\shell\open\command
  • HKEY_CLASSES_ROOT\mailto
  • HKEY_CLASSES_ROOT\mailto\DefaultIcon
  • HKEY_CLASSES_ROOT\mailto\shell\open\command
  • HKEY_CLASSES_ROOT\news
  • HKEY_CLASSES_ROOT\news\DefaultIcon
  • HKEY_CLASSES_ROOT\news\shell\open\command
  • HKEY_CLASSES_ROOT\InternetShortcut\CLSID
  • HKEY_CLASSES_ROOT\InternetShortcut\DefaultIcon
  • HKEY_CLASSES_ROOT\InternetShortcut\shellex\IconHandler
  • HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertySheetHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}
  • HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}
  • HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32
  • HKEY_CLASSES_ROOT\http\DefaultIcon
  • HKEY_CLASSES_ROOT\https\DefaultIcon
  • HKEY_CLASSES_ROOT\ftp\DefaultIcon
  • HKEY_CLASSES_ROOT\gopher\DefaultIcon
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
  • HKEY_CLASSES_ROOT\htmlfile\DefaultIcon
  • HKEY_CLASSES_ROOT\mhtmlfile\DefaultIcon
  • HKEY_CLASSES_ROOT\http\shell\open\command
  • HKEY_CLASSES_ROOT\http\shell\open\ddeexec
  • HKEY_CLASSES_ROOT\http\shell\open\ddeexec\Application
  • HKEY_CLASSES_ROOT\http\shell\open\ddeexec\Topic
  • HKEY_CLASSES_ROOT\https\shell\open\command
  • HKEY_CLASSES_ROOT\https\shell\open\ddeexec
  • HKEY_CLASSES_ROOT\https\shell\open\ddeexec\Application
  • HKEY_CLASSES_ROOT\https\shell\open\ddeexec\Topic
  • HKEY_CLASSES_ROOT\ftp\shell\open\command
  • HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec
  • HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\Application
  • HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\Topic
  • HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec\ifExec
  • HKEY_CLASSES_ROOT\gopher\shell\open\command
  • HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec
  • HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Application
  • HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Topic
  • HKEY_CLASSES_ROOT\htmlfile\shell
  • HKEY_CLASSES_ROOT\htmlfile\shell\open
  • HKEY_CLASSES_ROOT\htmlfile\shell\open\command
  • HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec
  • HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Application
  • HKEY_CLASSES_ROOT\htmlfile\shell\open\ddeexec\Topic
  • HKEY_CLASSES_ROOT\mhtmlfile\shell
  • HKEY_CLASSES_ROOT\htmlfile\shell\opennew
  • HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command
  • HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec
  • HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\IfExec
  • HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Application
  • HKEY_CLASSES_ROOT\htmlfile\shell\opennew\ddeexec\Topic
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\open
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\open\command
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec\Application
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\open\ddeexec\Topic
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\command
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\IfExec
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\Application
  • HKEY_CLASSES_ROOT\mhtmlfile\shell\opennew\ddeexec\Topic
  • HKEY_CLASSES_ROOT\CLSID\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}
  • HKEY_CLASSES_ROOT\InternetShortcut\shell\open\command
  • HKEY_CLASSES_ROOT\InternetShortcut\shell\open
  • HKEY_CLASSES_ROOT\InternetShortcut\shellex\ContextMenuHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}
  • HKEY_CLASSES_ROOT\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\shellex\MayChangeDefaultMenu
  • HKEY_CLASSES_ROOT\InternetShortcut\shellex\PropertyHandler
  • HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command
  • HKEY_CLASSES_ROOT\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1abcfc13-2340-11d2-b601-006097df5bd4}\InProcServer32
  • HKEY_LOCAL_MACHINE\System\WPA\TabletPC
  • HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\msieftp.dll
  • CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}
  • CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}\TreatAs
  • \CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}
  • \CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}\InprocServer32
  • \CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}\InprocServerX86
  • \CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}\LocalServer32
  • \CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}\InprocHandler32
  • \CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}\InprocHandlerX86
  • \CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}
  • HKEY_CLASSES_ROOT\CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4}\TreatAs
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Driver Signing
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Non-Driver Signing
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Non-Driver Signing
  • HKEY_CURRENT_USER\Software\Microsoft\Non-Driver Signing
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RenameFiles
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DeleteFiles
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PreConvRenameFiles
  • HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet
  • HKEY_CURRENT_USER\Software\Clients\StartMenuInternet
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Control Panel\Desktop
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLOSE_EMPTY_BROWSER_KB920982
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2E2DD38-D088-4134-82B7-F2BA38496583}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2E2DD38-D088-4134-82B7-F2BA38496583}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583}\Lang0409
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB5F1910-F110-11D2-BB9E-00C04F795683}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB5F1910-F110-11D2-BB9E-00C04F795683}
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683}\Lang0409
  • CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}
  • CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • \CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}
  • \CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
  • \CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
  • \CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
  • \CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
  • \CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
  • \CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MediaTypeClass
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\http\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UrlMon Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
  • CLSID\{0002DF01-0000-0000-C000-000000000046}
  • CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAs
  • \CLSID\{0002DF01-0000-0000-C000-000000000046}
  • \CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32
  • \CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServerX86
  • \CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32
  • \CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32
  • \CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandlerX86
  • HKEY_CLASSES_ROOT\AppID\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
  • ActiveComputerName
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
  • HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
  • CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
  • CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs
  • \CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
  • \CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32
  • \CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServerX86
  • \CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer32
  • \CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandler32
  • \CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocHandlerX86
  • \CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\TreatAs
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9ba05972-f6a8-11cf-a442-00a0c90a8f39}\InProcServer32
  • CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
  • CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\TreatAs
  • \CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
  • \CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32
  • \CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServerX86
  • \CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\LocalServer32
  • \CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocHandler32
  • \CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocHandlerX86
  • \CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
  • HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\TreatAs
  • HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}
  • HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32
  • CLSID\{00020424-0000-0000-C000-000000000046}
  • CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
  • \CLSID\{00020424-0000-0000-C000-000000000046}
  • \CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
  • \CLSID\{00020424-0000-0000-C000-000000000046}\InprocServerX86
  • \CLSID\{00020424-0000-0000-C000-000000000046}\LocalServer32
  • \CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler32
  • \CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandlerX86
  • \CLSID\{00020424-0000-0000-C000-000000000046}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}
  • HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
  • Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32
  • Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\Forward
  • HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
  • HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
  • HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
  • HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
  • HKEY_CLASSES_ROOT\TypeLib
  • HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}
  • HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
  • HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
  • HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
  • HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}
  • HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
  • CLSID\{00020420-0000-0000-C000-000000000046}
  • CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
  • \CLSID\{00020420-0000-0000-C000-000000000046}
  • \CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
  • \CLSID\{00020420-0000-0000-C000-000000000046}\InprocServerX86
  • \CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer32
  • \CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
  • \CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandlerX86
  • \CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}
  • HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Environment
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Volatile Environment
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1606980848-1060284298-1003
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\juzojossai.net
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\juzojossai.net
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDRESS_BAR_UPDATING_KB897251
  • HKEY_CLASSES_ROOT\res
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\res\
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\res
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\res
  • CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
  • CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\TreatAs
  • \CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
  • \CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32
  • \CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServerX86
  • \CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\LocalServer32
  • \CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\InprocHandler32
  • \CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\InprocHandlerX86
  • \CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
  • HKEY_CLASSES_ROOT\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\TreatAs
  • HKEY_CURRENT_USER\Control Panel\International
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\about\
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\about
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about
  • CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}
  • CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\TreatAs
  • \CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}
  • \CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32
  • \CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServerX86
  • \CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\LocalServer32
  • \CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocHandler32
  • \CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocHandlerX86
  • \CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}
  • HKEY_CLASSES_ROOT\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\TreatAs
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\internet
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\
  • CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
  • CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\TreatAs
  • \CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
  • \CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32
  • \CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServerX86
  • \CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\LocalServer32
  • \CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocHandler32
  • \CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocHandlerX86
  • \CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}
  • HKEY_CLASSES_ROOT\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\TreatAs
  • CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}
  • CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\TreatAs
  • \CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}
  • \CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\InprocServer32
  • \CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\InprocServerX86
  • \CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\LocalServer32
  • \CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\InprocHandler32
  • \CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\InprocHandlerX86
  • \CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}
  • HKEY_CLASSES_ROOT\CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\Floppy Access
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Printing
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\blank
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blank
  • \CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\Progid
  • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CodePage
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector
  • CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HANDLE_RELEASED_PROTOCOL_KB942169
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OPTIONS_BACKGROUNDCOLOR_KB843516
  • HKEY_CLASSES_ROOT\.gif
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\image/gif
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\image/gif
  • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Url History
  • HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Url History
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTELLIFORMS_ALTERNATE_RELEASE_KB924301
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}\InProcServer32
  • CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}
  • CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\TreatAs
  • \CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}
  • \CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32
  • \CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServerX86
  • \CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\LocalServer32
  • \CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocHandler32
  • \CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocHandlerX86
  • \CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}
  • HKEY_CLASSES_ROOT\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\TreatAs
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\LanguageProfile
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\LanguageProfile
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Speech\Recognizers\Tokens
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\LanguageProfile
  • Software\Clients\News
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm
  • HKEY_CLASSES_ROOT\htmlfile
  • HKEY_CLASSES_ROOT\htmlfile\CurVer
  • HKEY_CLASSES_ROOT\htmlfile\
  • HKEY_CLASSES_ROOT\htmlfile\\shell\edit
  • HKEY_CLASSES_ROOT\SystemFileAssociations\.htm
  • HKEY_CLASSES_ROOT\SystemFileAssociations\text
  • HKEY_CLASSES_ROOT\SystemFileAssociations\text\shell\edit
  • HKEY_CLASSES_ROOT\SystemFileAssociations\text\shell\edit\command
  • HKEY_CLASSES_ROOT\CLSID\{BDEADE7F-C265-11d0-BCED-00A0C90AB50F}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
  • HKEY_CLASSES_ROOT\htmlfile\\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\SystemFileAssociations\text\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\htmlfile\\Clsid
  • HKEY_CLASSES_ROOT\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\Implemented Categories\{00021490-0000-0000-C000-000000000046}
  • HKEY_CLASSES_ROOT\htmlfile\\DefaultIcon
  • CLSID\{FBF23B42-E3F0-101B-8488-00AA003E56F8}\InProcServer32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPLETE_PROGRESSBAR_ONFLASH_925973
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7b8a2d95-0ac9-11d1-896c-00c04fb6bfc4}\InProcServer32
  • HKEY_CLASSES_ROOT\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}
  • HKEY_CLASSES_ROOT\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\shell
  • HKEY_CLASSES_ROOT\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\Clsid
  • HKEY_CLASSES_ROOT\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ff393560-c2a7-11cf-bff4-444553540000}\InProcServer32
  • CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}
  • CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\TreatAs
  • \CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}
  • \CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32
  • \CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServerX86
  • \CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\LocalServer32
  • \CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocHandler32
  • \CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocHandlerX86
  • \CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{FF393560-C2A7-11CF-BFF4-444553540000}
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PhotoSupport
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

Processes

registry filesystem process services network synchronization

iexplore.exe PID: 544, Parent PID: 528

Volatility

Nothing to display.